Full guide2026-05-21
The Intelligent Shield. OpenCTI
OpenCTI deployment and AI-driven enrichment guide covering STIX 2.1, connectors, feeds, confidence scoring, hardening, and operational runbooks.
ctitoolaidetectionOpenCTI
Latest from RSS
Newest articles, sorted by publish date
RSS snapshot analyzed on 2026-05-21. Labels are based on available body length and article role.
Short guide2026-05-18
CTI Analyst Field Manual - Complete Reference
Entry point for the CTI Analyst Field Manual, intended as a reference map rather than a single deep technical walkthrough.
ctiguidereference
Article2026-05-13
Customer-Driven AI CTI Project
Overview and workflow quick reference for a gate-controlled CTI-to-detection project model.
ctiaidetectionworkflow
Full-long guide2026-05-12
Customer-Driven AI CTI Project Template: Part 2B - Reference Toolkit
Reference toolkit for CTI-to-detection execution, including artifacts, validation gates, and reusable delivery material.
ctidetectiontooltemplates
Full-long guide2026-05-12
Customer-Driven AI CTI Project Template. Part 2A: Phase-by-Phase Execution Guide
Phase-by-phase implementation guide for moving from intelligence requirements to hunts, detections, and customer delivery.
ctiaidetectionworkflow
Full-long guide2026-05-11
Customer-Driven AI CTI Project Template. Part 1: Foundations
Foundational methodology for a customer-driven AI CTI lifecycle with strict validation gates.
ctiaimethodologyworkflow
Full guide2026-05-10
Applying Sherman Kent's Analytic Discipline to CTI: A Practical Analyst Guide
Practical guide to evidence discipline, confidence language, and analytic integrity for CTI production.
ctiguideanalysis
Full-long guide2026-05-09
CTI-Led Defensive Strategy for a Cellular Provider (Case Study)
End-to-end telecom case study for core network, cloud operations, SOC/NOC, identity, third-party access, and executive decision support.
cticloudsoctelecom5G
Short guide2026-05-09
CTI Kill Chain: An Analyst Guide With Real-World Evidence
Analyst-oriented guide to using kill-chain thinking with real-world evidence and defensible CTI structure.
ctidetectionkill chain
Full guide2026-05-08
Manual CTI vs. AI-Assisted CTI: A Step-by-Step Clock Comparison
Side-by-side comparison of manual CTI work and AI-assisted CTI, focused on which steps compress and which risks remain.
ctiaiworkflow
Original order + tags
Filter high-signal articles by format and tag
Full guide2026-05-21
The Intelligent Shield. OpenCTI
OpenCTI deployment and AI-driven enrichment guide covering STIX 2.1, connectors, feeds, confidence scoring, hardening, and operational runbooks.
ctitoolaidetectionOpenCTI
Short guide2026-05-18
CTI Analyst Field Manual - Complete Reference
Entry point for the CTI Analyst Field Manual, intended as a reference map rather than a single deep technical walkthrough.
ctiguidereference
Article2026-05-13
Customer-Driven AI CTI Project
Overview and workflow quick reference for a gate-controlled CTI-to-detection project model.
ctiaidetectionworkflow
Full-long guide2026-05-12
Customer-Driven AI CTI Project Template: Part 2B - Reference Toolkit
Reference toolkit for CTI-to-detection execution, including artifacts, validation gates, and reusable delivery material.
ctidetectiontooltemplates
Full-long guide2026-05-12
Customer-Driven AI CTI Project Template. Part 2A: Phase-by-Phase Execution Guide
Phase-by-phase implementation guide for moving from intelligence requirements to hunts, detections, and customer delivery.
ctiaidetectionworkflow
Full-long guide2026-05-11
Customer-Driven AI CTI Project Template. Part 1: Foundations
Foundational methodology for a customer-driven AI CTI lifecycle with strict validation gates.
ctiaimethodologyworkflow
Full guide2026-05-10
Applying Sherman Kent's Analytic Discipline to CTI: A Practical Analyst Guide
Practical guide to evidence discipline, confidence language, and analytic integrity for CTI production.
ctiguideanalysis
Full-long guide2026-05-09
CTI-Led Defensive Strategy for a Cellular Provider (Case Study)
End-to-end telecom case study for core network, cloud operations, SOC/NOC, identity, third-party access, and executive decision support.
cticloudsoctelecom5G
Short guide2026-05-09
CTI Kill Chain: An Analyst Guide With Real-World Evidence
Analyst-oriented guide to using kill-chain thinking with real-world evidence and defensible CTI structure.
ctidetectionkill chain
Full guide2026-05-08
Manual CTI vs. AI-Assisted CTI: A Step-by-Step Clock Comparison
Side-by-side comparison of manual CTI work and AI-assisted CTI, focused on which steps compress and which risks remain.
ctiaiworkflow
Full guide2026-04-07
Android APK Analysis Tool: AI-Powered Static Malware Analysis in Your Terminal
Practical guide to static APK analysis with YARA, semantic scoring, VirusTotal, multi-provider AI, and Frida hooks.
malwareandroidaitool
Full-long guide2026-04
AI in Offensive Operations: How Threat Actors Use Artificial Intelligence
Evidence-based research report on attacker AI use, named incidents, provider disclosures, TTPs, and forecast judgments.
aioffensivectiresearch
Full guide2026-03-20
Attribution Methodology: How to Build, Defend, and Challenge a Threat Actor Attribution
Attribution framework covering evidence types, confidence, false flags, cluster-level vs incident-level claims, and common mistakes.
ctiattributionanalysis
Full-long guide2026-03-19
ATT&CK as a Working Tool: Theory and Hands-On Practical Usage
Practitioner guide for using ATT&CK in CTI mapping, gap analysis, detection engineering, hunting, and emulation.
ctidetectionATT&CKtool
Full guide2026-03
Infrastructure Pivoting: How CTI Analysts Expand From a Single IOC to a Full Attacker Network
Field guide for pivoting from a single IOC through passive DNS, reverse IP, ASN reuse, TLS certificates, and internet-wide search.
ctiosintinfrastructure
Full guide2026-03
CVSS v4.0: The Practical Field Guide for Vulnerability Management
Practical guide to CVSS-B, CVSS-BT, CVSS-BTE, KEV, EPSS, environmental scoring, and operational prioritization.
vulnerabilitytoolrisk
Full guide2026-03
I Built an AI-Powered Malware Debugger That Explains Every Function It Sees
Engineering walkthrough for AIDebug: FLIRT matching, malware pattern detection, CFG visualization, Frida hooks, and reporting.
malwarereverse engineeringaitool
Full guide2026-03
StratusAI: I Built an AI-Powered Cloud Security Scanner for AWS and GCP - Here's Everything
Engineering walkthrough for a multi-cloud scanner with AWS and GCP modules, LLM routing, Terraform deployment, and tests.
cloudawsgcpaitool
Complete topic navigation
18 Medium blog groups
These groups mirror the original Medium master index order and give direct section links for the full 100+ article map.
CTI & Threat Intelligence
Full guideThreat intelligence tradecraft, actor research, telecom threat mapping, attribution, infrastructure pivoting, ATT&CK, and CTI-to-detection work.
ctidetectionaitoolsoctelecomattributionATT&CK
- The Intelligent Shield. OpenCTI
- Customer-Driven AI CTI Project Template. Part 1: Foundations
- Customer-Driven AI CTI Project Template. Part 2A: Phase-by-Phase Execution Guide
- Customer-Driven AI CTI Project Template: Part 2B - Reference Toolkit
- Applying Sherman Kent’s Analytic Discipline to CTI
- CTI-Led Defensive Strategy for a Cellular Provider
- Manual CTI vs. AI-Assisted CTI
- ATT&CK as a Working Tool
- Attribution Methodology
- Infrastructure Pivoting
AI in Cybersecurity & HexStrike-AI
Full guideBig-picture AI security, HexStrike-AI setup, MCP/Cursor workflows, Gemini/OpenAI/Llama configuration, and productivity frameworks.
aioffensivetoolHexStrikeMCPCursor
- The AI Revolution in Cybersecurity
- HexStrike-AI: A Force Multiplier for Red Teams
- HexStrike AI: Install, Configure, and Run MCP with Gemini, OpenAI, Cursor, Llama
- HexStrike on Kali Linux 2025.4
- HexStrike + Gemini vs. HackerAI
- The 20x Employee
AI-Driven Pentesting & Exploitation
Full guideHands-on AI-assisted pentesting workflows for network discovery, web apps, wireless, SMB/SSH, password recovery, cloud scanning, and lab exploitation.
offensivelabaitoolpentestwirelesscloud
- AI-Driven Pentesting at Home
- AI-Driven Web Application Pentesting with HexStrike-AI
- AI-Driven Wireless Penetration Testing
- HexStrike + Cursor full subnet compromise
- AI-Assisted Web and Cloud Penetration Testing
- StratusAI
Burp Suite, Web Scanners & LLM/MCP
ArticleBurp Suite, scanner interpretation, MCP integrations, payload planning, and classic web scanner guides.
weboffensivetoolBurpMCPscanner
- Getting More from Burp Suite with LLMs
- Burp Suite MCP + Gemini CLI
- Mastering Burp Suite Vulnerability Scanner
- Cracking Web Interfaces with Burp Suite
Reconnaissance & OSINT
ArticleTarget discovery, Shodan, Censys, theHarvester, Sublist3r, Amass, SpiderFoot, WhatWeb, and LLM-assisted recon planning.
osintoffensivetoolreconattack surface
- Nmap Meets ChatGPT
- Shodan
- theHarvester
- Sublist3r
- OWASP Amass
- SpiderFoot
- Censys
- WhatWeb
Nmap & Network Scanning
Full guideNmap fundamentals, service detection, version probing, scripts, scan strategy, and network assessment syntax.
offensivetoolnetworknmapscanner
- Mastering Nmap Part 1
- Mastering Nmap Part 2
- Mastering Nmap Part 3
- Mastering Nmap Part 4: Scripts
Web Application Security (Non-AI)
Full guideTraditional web testing with OWASP ZAP, SQLMap, DirBuster, Nikto, and staged reconnaissance-to-scanning methodology.
weboffensivetoolOWASPSQL injection
- OWASP ZAP
- SQLMap Part 1
- SQLMap Part 2
- DirBuster
- Nikto
- Web App PT Stage 1
- Web App PT Stage 2
Metasploit & Exploitation
Full guideMetasploit foundations, auxiliary modules, exploit modules, and practical SSH/FTP/Telnet exploitation workflows.
offensivetoolexploitationMetasploit
- Metasploit Part 1
- Auxiliary modules
- Exploit modules
- SSH exploitation
- FTP exploitation
- Telnet cracking
Password & Credential Cracking
Full guideJohn the Ripper, Hashcat, Hydra, WiFi cracking, PDF/Office/ZIP recovery, RDP, RTSP, and custom wordlist generation.
passwordsoffensivetoolcredentialscracking
- John the Ripper
- Hashcat
- Hydra
- Aircrack-ng
- PDF cracking
- Office document cracking
- RTSP brute force
- Personal Pass Generator
Active Directory & Red Team
Full guideAD penetration testing, ADCS ESC8, certificate abuse, lab deployment, and MITRE ATT&CK tool mapping for red teams.
adoffensivelabred teamADCS
- Active Directory Penetration Testing
- ADCS ESC8
- AD lab in Cursor AI
- Tools by MITRE ATT&CK
Cloud & Kubernetes Security
Full guideGCP pentesting, vulnerable cloud labs, Kubernetes lab design, black-box K8s playbooks, and cloud-native detection.
cloudkubernetesgcpawslaboffensive
- GCP Pentesting
- Vulnerable GCP lab
- Vulnerable cloud lab
- Vulnerable Kubernetes lab
- Black-box Kubernetes PT
- Cloud-native security
Labs & Training Environments
Full guideVulnerable Ubuntu and Windows labs, IIS/SharePoint lab, DVWA automation, DragonRx, vulnerable AI lab, and one-prompt training environments.
labtrainingterraformwindowslinuxai
- Vulnerable Ubuntu lab
- Vulnerable Windows lab
- IIS SharePoint lab
- DVWA with Ansible
- Vulnerable AI Lab
- Operation DragonRx
Malware Analysis & Forensics
Full guideStatic malware analysis, file metadata, strings, obfuscation, automated triage tools, Android APK analysis, and AI-assisted forensics.
malwareforensicstoolaiandroidstatic analysis
- Android APK Analysis Tool
- AIDebug
- Static Malware Analysis
- File Fingerprinting
- Strings Analysis
- Obfuscation
- Digital Forensics with AI
Threat Hunting & Detection
Full guideEndpoint hunting, protocol-level hunting, Pyramid of Pain, single-event and correlation detection rules, and CI/CD defense.
detectionsocthreat huntingblue teamrules
- Endpoint Threat Hunting
- Wireshark threat hunting
- Pyramid of Pain
- Single-event detection
- Correlation detection
- CI/CD defense
Tool Development & Cursor AI
ArticleBuilding security tools and payload workflows with Cursor AI, including Android Rubber Ducky payloads and Arduino Leonardo hardware builds.
toolaicursorpayloadshardware
- Android Rubber Ducky payloads in Cursor AI
- USB Rubber Ducky with Arduino Leonardo
SOC, Awareness & Best Practices
ArticleSOC Tier 1 onboarding, awareness, phishing protection, OWASP Top 10 secure coding, server hardening, and baseline PT toolkits.
socawarenesssecure codinghardeningtraining
- SOC Tier 1 onboarding
- Information Security Awareness
- Phishing awareness
- OWASP Top 10
- Server hardening
- Basic PT toolkit
Logging, DevOps & XPLG
ArticleFluent Bit, AWS EKS log shipping, Kubernetes DaemonSets, EKS control-plane logs, XPLG integration, and Linux reporting tools.
devopsloggingcloudkubernetestoolXPLG
- Fluent Bit Windows service
- Fluent Bit on AWS EKS
- Fluent Bit Kubernetes DaemonSet
- EKS logs to XPLG
- syscheck_beauty
Reader Input & Meta
Short guideFeedback, future topic requests, and meta-navigation material for the blog.
metafeedbacknavigation
- What Do You Want to Read?
Direct links
High-confidence article URLs
This list follows the original navigator group order. When an exact article URL is not verified, the link opens the correct section in the Medium master index.
The Intelligent Shield. OpenCTIcti / detection / aiCustomer-Driven AI CTI Project Template. Part 1: Foundationscti / detection / aiCustomer-Driven AI CTI Project Template. Part 2A: Phase-by-Phase Execution Guidecti / detection / aiCustomer-Driven AI CTI Project Template: Part 2B - Reference Toolkitcti / detection / aiApplying Sherman Kent’s Analytic Discipline to CTIcti / detection / aiCTI-Led Defensive Strategy for a Cellular Providercti / detection / aiManual CTI vs. AI-Assisted CTIcti / detection / aiATT&CK as a Working Toolcti / detection / aiAttribution Methodologycti / detection / aiInfrastructure Pivotingcti / detection / aiThe AI Revolution in Cybersecurityai / offensive / toolHexStrike-AI: A Force Multiplier for Red Teamsai / offensive / toolHexStrike AI: Install, Configure, and Run MCP with Gemini, OpenAI, Cursor, Llamaai / offensive / toolHexStrike on Kali Linux 2025.4ai / offensive / toolHexStrike + Gemini vs. HackerAIai / offensive / toolThe 20x Employeeai / offensive / toolAI-Driven Pentesting at Homeoffensive / lab / aiAI-Driven Web Application Pentesting with HexStrike-AIoffensive / lab / aiAI-Driven Wireless Penetration Testingoffensive / lab / aiHexStrike + Cursor full subnet compromiseoffensive / lab / aiAI-Assisted Web and Cloud Penetration Testingoffensive / lab / aiStratusAIoffensive / lab / aiGetting More from Burp Suite with LLMsweb / offensive / toolBurp Suite MCP + Gemini CLIweb / offensive / toolMastering Burp Suite Vulnerability Scannerweb / offensive / toolCracking Web Interfaces with Burp Suiteweb / offensive / toolNmap Meets ChatGPTosint / offensive / toolShodanosint / offensive / tooltheHarvesterosint / offensive / toolSublist3rosint / offensive / toolOWASP Amassosint / offensive / toolSpiderFootosint / offensive / toolCensysosint / offensive / toolWhatWebosint / offensive / toolMastering Nmap Part 1offensive / tool / networkMastering Nmap Part 2offensive / tool / networkMastering Nmap Part 3offensive / tool / networkMastering Nmap Part 4: Scriptsoffensive / tool / networkOWASP ZAPweb / offensive / toolSQLMap Part 1web / offensive / toolSQLMap Part 2web / offensive / toolDirBusterweb / offensive / toolNiktoweb / offensive / toolWeb App PT Stage 1web / offensive / toolWeb App PT Stage 2web / offensive / toolMetasploit Part 1offensive / tool / exploitationAuxiliary modulesoffensive / tool / exploitationExploit modulesoffensive / tool / exploitationSSH exploitationoffensive / tool / exploitationFTP exploitationoffensive / tool / exploitationTelnet crackingoffensive / tool / exploitationJohn the Ripperpasswords / offensive / toolHashcatpasswords / offensive / toolHydrapasswords / offensive / toolAircrack-ngpasswords / offensive / toolPDF crackingpasswords / offensive / toolOffice document crackingpasswords / offensive / toolRTSP brute forcepasswords / offensive / toolPersonal Pass Generatorpasswords / offensive / toolActive Directory Penetration Testingad / offensive / labADCS ESC8ad / offensive / labAD lab in Cursor AIad / offensive / labTools by MITRE ATT&CKad / offensive / labGCP Pentestingcloud / kubernetes / gcpVulnerable GCP labcloud / kubernetes / gcpVulnerable cloud labcloud / kubernetes / gcpVulnerable Kubernetes labcloud / kubernetes / gcpBlack-box Kubernetes PTcloud / kubernetes / gcpCloud-native securitycloud / kubernetes / gcpVulnerable Ubuntu lablab / training / terraformVulnerable Windows lablab / training / terraformIIS SharePoint lablab / training / terraformDVWA with Ansiblelab / training / terraformVulnerable AI Lablab / training / terraformOperation DragonRxlab / training / terraformAndroid APK Analysis Toolmalware / forensics / toolAIDebugmalware / forensics / toolStatic Malware Analysismalware / forensics / toolFile Fingerprintingmalware / forensics / toolStrings Analysismalware / forensics / toolObfuscationmalware / forensics / toolDigital Forensics with AImalware / forensics / toolEndpoint Threat Huntingdetection / soc / threat huntingWireshark threat huntingdetection / soc / threat huntingPyramid of Paindetection / soc / threat huntingSingle-event detectiondetection / soc / threat huntingCorrelation detectiondetection / soc / threat huntingCI/CD defensedetection / soc / threat huntingAndroid Rubber Ducky payloads in Cursor AItool / ai / cursorUSB Rubber Ducky with Arduino Leonardotool / ai / cursorSOC Tier 1 onboardingsoc / awareness / secure codingInformation Security Awarenesssoc / awareness / secure codingPhishing awarenesssoc / awareness / secure codingOWASP Top 10soc / awareness / secure codingServer hardeningsoc / awareness / secure codingBasic PT toolkitsoc / awareness / secure codingFluent Bit Windows servicedevops / logging / cloudFluent Bit on AWS EKSdevops / logging / cloudFluent Bit Kubernetes DaemonSetdevops / logging / cloudEKS logs to XPLGdevops / logging / cloudsyscheck_beautydevops / logging / cloudWhat Do You Want to Read?meta / feedback / navigation